Add an Active Directory server
You can add an Active Directory server for user authentication. Do as follows:
- Go to Authentication > Servers and click Add.
- From the Server type list, select Active directory.
- Enter a name.
- Type an IP address and port.
- Enter the NetBIOS domain for the server.
- Enter an ADS username to query the server.
  Any domain-joined user account can query, search, and read AD group membership. These rights are sufficient to import groups from the AD server.
- Enter the Password for the ADS user.
- Choose one of the following options from the Connection security drop-down menu:
  - Plaintext: Send user credentials as unencrypted plain text.
  - SSL/TLS (Default): Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
  - STARTTLS: Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
  We recommend using an encrypted connection.
- Select Validate server certificate if you want the firewall to validate the certificate when connecting to the external server.
  If you turn this option on, you must upload the AD server certificate to the firewall on Certificates > Certificates > Add > Upload certificate, or the connection to the AD server will fail.
- Enter a Display name attribute for the server. Users see this as the server name.
- Enter an Email address attribute. This is the alias for the configured email address, which the firewall shows to the user.
- Enter your Domain name.
- Enter the Search queries to run on the server. Click Add and create an LDAP query.
  Only users selected by the Search queries appear in Live Users.
- Click Test connection to validate the user credentials and check the connection to the server.
  When you configure synchronized user ID and STAS, the authentication server uses the mechanism from which it receives the sign-in request first.
- Go to Authentication > Services and select servers to use for service authentication.
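Why the Plaintext option under Connection security is discouraged, shown as an added example that is not part of the product documentation: assuming the query account authenticates with an LDAP simple bind (RFC 4511), this decodes a bind packet the way any device on the network path could. The account name, password and helper names are constructed for illustration.

```python
"""Added illustration: what a passive observer reads from an LDAP simple bind."""

def _tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(packet):
    """Return (bind_name, password) for a simple BindRequest, else None."""
    tag, msg, _ = _tlv(packet, 0)
    if tag != 0x30:                 # LDAPMessage is a SEQUENCE
        return None                 # e.g. a TLS record starts with 0x16
    _, _, pos = _tlv(msg, 0)        # messageID
    tag, bind, _ = _tlv(msg, pos)
    if tag != 0x60:                 # [APPLICATION 0] BindRequest
        return None
    _, _, pos = _tlv(bind, 0)       # protocol version
    _, name, pos = _tlv(bind, pos)  # bind name
    tag, cred, _ = _tlv(bind, pos)
    if tag != 0x80:                 # [0] simple password; 0xA3 would be SASL
        return None
    return name.decode("utf-8", "replace"), cred.decode("utf-8", "replace")

def build_simple_bind(name, password, msg_id=1):
    """Build a constructed sample packet (short-form lengths only)."""
    def enc(tag, val):
        if len(val) > 127:
            raise ValueError("sample builder handles short-form lengths only")
        return bytes([tag, len(val)]) + val
    bind = enc(0x02, b"\x03") + enc(0x04, name.encode()) + enc(0x80, password.encode())
    return enc(0x30, enc(0x02, bytes([msg_id])) + enc(0x60, bind))

# Constructed sample values, not real credentials.
SAMPLE = build_simple_bind("svc-fw@example.test", "Constructed-Pw1")

if __name__ == "__main__":
    print(parse_simple_bind(SAMPLE))
```

With SSL/TLS or STARTTLS the same bind travels inside encrypted records, so the parser finds no readable BindRequest.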